Digital Communications Compliance: Predictions for the 2nd Half of 2023

Jul 14th '23

June 30, 2023, marked the end of an unprecedented year in digital communications. We’ve witnessed a slew of 37 new or updated rules, the implementation of the SEC 17a-4 recordkeeping update, a Marketing Rule update and a cyber rule (Rule 10) that will impact the industry well into the future. Meanwhile, we also have seen the unfettered explosion of ChatGPT and similar large language models (LLMs) as tools to improve content generation and decision-making efficiency. How firms communicate and collaborate will continue to be front and center on the regulatory radar for the balance of 2023.


So, what should we expect over the next six months? Here are a few observations related to the two topics that dominated the headlines in the first half – off channel and LLMs – that will continue into the second half of 2023.


Off-channel: The beginning of the end of regulation by enforcement?

Despite clear signaling by the SEC and FINRA regarding ongoing focus on off-channel communications, many firms struggle to arrive at a point they believe is ‘good enough’ to satisfy the regulatory mandate to identify and remediate deficiencies. It’s clear, as SEC Chairman Gensler stated at the FINRA Annual Conference, “policies alone are not sufficient” – but determining the optimal mix of policy tuning, updated training, and oversight procedures remains elusive. This parental notion of scolding the child – and only then telling it what should have been done – is raising the frustration level surrounding the ‘regulation by enforcement’ strategy and will increase the pressure level for the SEC to modify its approach. Other implications of the off-channel communications topic include:


The move toward corporate-owned devices (COD) continues, with limits

While we can expect a continuation in the shift toward COD strategies, the economics of deploying and maintaining mobile devices becomes more challenging with size. This will drive greater awareness of mobile device management (MDM) features available to support BYOD strategies, as well as an increase in firms that use hybrid approaches.


Oversight practices of mobile remains vexing

Beyond the device policy decision, the struggle of determining what supervisory/surveillance practices will be considered ‘reasonable’ by regulators will continue – particularly for non-regulated users such as executives. Should non-regulated users be added to supervisory pools? Should existing supervisory policies be tuned to look for off-channel breadcrumbs from non-regulated users for further inspection? Best practices will remain elusive, which we have recently attempted to capture in this white paper we produced in conjunction with Ernst & Young.


The playing field expands to non-text-based messaging

As noted by FINRA at the annual conference, firms should be considering the use of alternative content formats like voice and emojis as potential sources of off-channel activities from those attempting to avoid monitored channels. We expect that scrutiny in this area will intensify given the nature of today’s multi-modal collaborative tools and will likely be the subject highlighted in future enforcement actions.


Self-reporting and stronger collaboration with regulators will increase

The SEC made a very clear statement in contrasting its most recent enforcement actions in the $7M to $15M neighborhood against the more sizable earlier fines. In paraphrasing SEC enforcement head Grewal’s words, the difference is intentional to reflect firms that had self-reported off-channel lapses and action taken on deficiencies that had previously been identified. The results of this message should become evident through additional enforcement actions in the second half in the ‘smaller’ fine category for global banks, as well as smaller broker-dealers and advisers.


ChatGPT will make its mark on compliance

Over the last year, ChatGPT and other large language models (LLMs) have gone from the obscure to the mainstream. What has become clear is the enormous potential to completely redefine everything from specific jobs to entire industries. What needs to be clarified are the implications for regulated businesses in terms of understanding how they can be governed to remediate their risks effectively. Here’s what lies ahead:


Prohibition policies will be enacted

Despite the disruptive opportunities created by AI, the policy move most firms will make is to say ‘no’ until they have a better understanding of its impact and risks. For many of its potential uses, ChatGPT serves as a tool to support decision-making and delivery of content, and as such, will initially be treated under the same (if not greater) level of scrutiny as other unapproved communications tools currently under the regulatory microscope.


Due diligence of existing applications will intensify

As we’ve seen countless times, prohibition is rarely effective, and it isn’t easy to see a different outcome for an area of technology that is driving at a pace of innovation never seen before. Firms can provide policies, training and squash internal projects. Still, they will continue to expend a growing amount of energy in assessing how AI-driven functionality may be embedded by existing applications and systems to ensure that the firm’s assets and information are not exposed to models with inadequate controls.


Firms will prioritize investments in controlled applications and systems

Despite the hype surrounding ChatGPT, regulated firms will look first toward large language models designed and trained for specific, controlled processes such as conduct surveillance for investigation of off-channel communications and outside business activities. Other processes are also likely to focus on internal decision-making processes using closed models where inputs and outputs can be better controlled.


AI will change monetization strategies of content source providers

AI and LLMs will continue to be seen as a monetization opportunity for many, including Microsoft, Google, Salesforce, Meta and what remains of Twitter. This has changed the perception of value created by the information within their applications and has resulted in a change in the cost that some seek to impose to extract information from those applications. This has significant implications for the content sources financial services firms choose to allow for business use and will result in increased pushback from the industry and a switch to more economically favorable alternatives.


Regulators will chime in

With opportunity comes the potential for fraud and abuse, followed by regulatory focus. As the SEC has already stated that it sees AI as a source of the next financial crisis, we should fully expect guidance from the SEC on how regulated firms should attempt to govern its use and manage its risk.


These are just the beginning of topics that center on digital communications. Crypto appears to be finally reaching the end of its era of regulatory limbo as infrastructure, payment or security – or some combination – and getting closer to an oversight structure as the result of current litigation. Regional banking will likely see increased regulatory oversight, including increased inspection into insider trading and greater accountability placed upon external auditors.


There’s a long list of topics — RegBI, Digital Engagement Practices, Marketing Rule enforcement, Rule 10 finalization and more —for us to explore further over the Summer Break Sessions. Stay tuned.




Mitigate Cyber Compliance Risk: Policies in Your Cybersecurity Framework Watch now


Source: Smarsh


Author: Robert Cruz -Vice President, Information Governance at Smarsh

Robert is Vice President, Information Governance for Smarsh. He has more than 20 years of experience in providing thought leadership on emerging topics including cloud computing, information governance, and discovery cost and risk reduction.


About us

LS Consultancy are experts in Marketing and Compliance, and work with a range of firms to assist with improving their documents, processes and systems to mitigate any risk.


We provide a cost-effective and timely bespoke copy advice and copy development services to make sure all your advertising and campaigns are compliant, clear and suitable for their purpose.


Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.


Contact us today for a chat or send us an email to find out how we can support you in meeting your current and future challenges with confidence.


Explore our full range today.


Need A Regulatory Marketing Compliance Consultant? A Bit More About Us


Contact us


Why Not Download our FREE Brochures! Click here.


Call Us Today on 020 8087 2377 or send us an email.


We welcome individual bloggers / Professional Writers / Freelancers to submit high quality contents. Find out more…



Connect with us via social media and drop us a message from there. We’d love to hear from you and discuss how we can help.


Facebook  Instagram  LinkedIn  X (formally Twitter) YouTube


Contact us